Data broker hires U.S. security official

Associated Press

ATLANTA - Data broker ChoicePoint Inc., whose enormous consumer-information file was breached last fall, said yesterday that it has hired a top official at the government agency that oversees airport screening to review the way the company screens its customers.

The Alpharetta, Ga., company said Carol A. DiBattiste, deputy administrator of the Transportation Security Administration, has been appointed the company's chief credentialing, compliance and privacy officer.

DiBattiste will report to the company's board of directors not to Derek V. Smith, ChoicePoint's chairman and chief executive.

The TSA has been criticized for possible violations of privacy laws by asking airlines in the wake of the Sept. 11, 2001, terrorist attacks to turn over passenger data without their knowledge or consent.

At ChoicePoint, DiBattiste will lead an independent office in Washington that will oversee improvements in the company's screening and implementation of procedures to expedite the reporting of incidents.

ChoicePoint said in a statement that DiBattiste also will head efforts to expand a program that involves site visits to make sure customers are who they say they are.

DiBattiste will leave TSA April 15 and join ChoicePoint May 2, said company spokeswoman Kristen McCaughan. She said she could not comment beyond the statement and that Smith was out of the office and unavailable for comment yesterday.

TSA spokeswoman Yolanda Clark said DiBattiste was on vacation yesterday and not available for comment.

ChoicePoint announced last month that the personal information of 145,000 Americans might have been compromised in a breach in which thieves posing as small-business customers gained access to its database.

Authorities say at least 750 people were defrauded. The incident has fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business, and congressional hearings are to be scheduled on the issue.

The company's shares fell 8 cents, to close at $37.97 yesterday on the New York Stock Exchange. The shares have fallen about 17 percent since the breach, uncovered in October, was announced Feb. 15.

The Securities and Exchange Commission and the Federal Trade Commission are investigating ChoicePoint in the wake of the breach.

ChoicePoint's decision to hire DiBattiste was wise, said Bruce Simpson, an analyst with William Blair & Co. in Chicago.

"I feel like the extent to which this particular incident has ballooned was beyond the extent of any prior inquiries by law enforcement, and therefore, when I see them moving to tighten up customer credentialing, I feel like that is an appropriate response," Simpson said.

The criticism of the company's prior efforts at protecting consumer information in light of the breach is fair to some degree, Simpson said, adding, "They got burned in this case."

DiBattiste also will be responsible for helping to establish policies regarding the company's compliance with local, state and federal privacy laws, regulations and company policies.

DiBattiste, a former undersecretary of the Air Force, also was director of the Executive Office for U.S. Attorneys, deputy U.S. attorney for the Southern District of Florida, an assistant U.S. attorney and one of the Air Force's top prosecutors.

ChoicePoint collects data on individuals, including Social Security numbers, real estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.

In Los Angeles, a Nigerian national who used personal information obtained from ChoicePoint and other companies in 2002 to commit identity theft was sentenced Monday to 5 1/2 years in federal prison.

U.S. District Judge Gary A. Feess also ordered Adedayo Benson, 38, to pay nearly $155,000 in restitution to 10 financial institutions, federal prosecutors said in a statement.

Authorities say Benson, of the Encino, Calif., area was involved in a nationwide credit-card scheme. Benson opened "mail drops" to which he redirected mail from victims' credit-card companies, then used the cards to make fraudulent purchases and get cash advances.

Investigators have declined to say whether the 2002 credit-card scheme and the breach of ChoicePoint's database are connected.